EternalBlue Exploit Used in Retefe Banking Trojan Campaign

Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal Read More …

Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed. Credit rating agency Read More …

Immediately Patch Windows 0-Day Flaw That’s Being Used to Spread Spyware

Windows 0-Day Flaw Get ready to install a fairly large batch of security patches onto your Windows computers. As part of its September Patch Tuesday, Microsoft has released a large batch of security updates to patch a total of 81 Read More …

A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits

How much does your privacy cost? It will soon be sold for half a Million US dollars. A controversial company specialises in acquiring and reselling zero-day exploits is ready to pay up to US$500,000 for working zero-day vulnerabilities targeting popular Read More …

Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence Read More …

Hackers are using this new attack method to target power companies

Phishing emails, used to steal credentials from critical infrastructure firms, can silently harvest data without even using macros, researchers have warned. Hackers are targeting energy companies, including those working in nuclear power and other critical infrastructures providers, with a technique Read More …

Shadow Brokers teases more Windows exploits and cyberespionage data

A group of hackers that previously leaked alleged U.S. National Security Agency exploits claims to have even more attack tools in its possession and plans to release them in a new subscription-based service. The group also has intelligence gathered by the Read More …